RootForum Community

Code: Select all

## if this script is run as root switch to the following user
USERID=user1
GROUPID=group1

Code: Select all

user1:x:10007:100::/var/www/vhosts/seite.de:/bin/false

Code: Select all

stat(".", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat("/home/r5Ks3zEa/bin/env", 0x7fbfffeb30) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/env", 0x7fbfffeb30) = -1 ENOENT (No such file or directory)
stat("/usr/bin/env", {st_mode=S_IFREG|0755, st_size=18720, ...}) = 0
stat("/usr/bin/env", {st_mode=S_IFREG|0755, st_size=18720, ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
lseek(255, -23, SEEK_CUR)               = 1341
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d42ff0) = 19530
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
spawn-fcgi.c.381: can't find username, user1
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], WNOHANG, NULL) = 19530
wait4(-1, 0x7fbfffe834, WNOHANG, NULL)  = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff)        = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x42d06e, [], SA_RESTORER, 0x2a95b454c0}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {0x42d06e, [], SA_RESTORER, 0x2a95b454c0}, 8) = 0

Code: Select all

chroot /mein/jail /das/skript.sh

Code: Select all

chroot /mein/jail /bin/bash /das/skript.sh

Code: Select all

chroot /mein/jail /bin/bash /das/skript.sh

Code: Select all

spawn-fcgi.c.212: child exited with: 2, No such file or directory

Code: Select all

rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
stat("/home/r5user/bin/env", 0x7fbfffeb50) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/env", 0x7fbfffeb50) = -1 ENOENT (No such file or directory)
stat("/usr/bin/env", {st_mode=S_IFREG|0755, st_size=18720, ...}) = 0
stat("/usr/bin/env", {st_mode=S_IFREG|0755, st_size=18720, ...}) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
lseek(255, -23, SEEK_CUR)               = 1341
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95d42ff0) = 3490
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x42d06e, [], SA_RESTORER, 0x2a95b454c0}, {SIG_DFL}, 8) = 0
wait4(-1, spawn-fcgi.c.212: child exited with: 2, No such file or directory
[{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 3490
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
wait4(-1, 0x7fbfffe964, WNOHANG, NULL)  = -1 ECHILD (No child processes)
rt_sigreturn(0xffffffffffffffff)        = 0
rt_sigaction(SIGINT, {SIG_DFL}, {0x42d06e, [], SA_RESTORER, 0x2a95b454c0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0

Code: Select all

-c -- count time, calls, and errors for each syscall and report summary
-f -- follow forks, -ff -- with output into separate files
-F -- attempt to follow vforks, -h -- print help message
-i -- print instruction pointer at time of syscall
-q -- suppress messages about attaching, detaching, etc.
-r -- print relative timestamp, -t -- absolute timestamp, -tt -- with usecs
-T -- print time spent in each syscall, -V -- print version
-v -- verbose mode: print unabbreviated argv, stat, termio[s], etc. args
-x -- print non-ascii strings in hex, -xx -- print all strings in hex
-a column -- alignment COLUMN for printing syscall results (default 40)
-e expr -- a qualifying expression: option=[!]all or option=[!]val1[,val2]...
   options: trace, abbrev, verbose, raw, signal, read, or write
-o file -- send trace output to FILE instead of stderr
-O overhead -- set overhead for tracing syscalls to OVERHEAD usecs
-p pid -- trace process with process id PID, may be repeated
-s strsize -- limit length of print strings to STRSIZE chars (default 32)
-S sortby -- sort syscall counts by: time, calls, name, nothing (default time)
-u username -- run command as username handling setuid and/or setgid
-E var=val -- put var=val in the environment for command
-E var -- remove var from the environment for command

Code: Select all

chroot /home/wwwserver /home/php5/bin/php -v

PHP 5.2.0 with Suhosin-Patch 0.9.6.2 (cgi-fcgi) (built: Dec  3 2006 22:36:21)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies

Code: Select all

#!/bin/bash

## ABSOLUTE path to the spawn-fcgi binary
SPAWNFCGI="/usr/sbin/spawn-fcgi"

## ABSOLUTE path to the PHP binary
FCGIPROGRAM="/home/php5-su/bin/php"

## bind to tcp-port on localhost
FCGISOCKET="/var/www-web2/fastcgi/user1/user1.socket"
##diesen Socket habe ich zusätzlich
##ins Chroot gelinkt, verstehe allerdings nicht ganz,
##was das bringen soll.

## number of PHP childs to spawn in addition to the default. Minimum of 2.
## Actual childs = PHP_FCGI_CHILDREN + 1
PHP_FCGI_CHILDREN=4

## number of request server by a single php-process until is will be restarted
PHP_FCGI_MAX_REQUESTS=800

## IP adresses where PHP should access server connections from
FCGI_WEB_SERVER_ADDRS="127.0.0.1"

# allowed environment variables sperated by spaces
ALLOWED_ENV="PATH USER"

## if this script is run as root switch to the following user
USERID=user1
GROUPID=group1

################## no config below this line

if test x$PHP_FCGI_CHILDREN = x; then
  PHP_FCGI_CHILDREN=5
fi

export PHP_FCGI_MAX_REQUESTS
export FCGI_WEB_SERVER_ADDRS
export PHPRC

ALLOWED_ENV="$ALLOWED_ENV PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS PHPRC"

# copy the allowed environment variables
E=

for i in $ALLOWED_ENV; do
  E="$E $i=${!i}"
done

# clean environment and set up a new one
env - $E $SPAWNFCGI -c "/home/wwwserver" -s $FCGISOCKET -f /home/php5-su/bin/php -u $USERID -g $GROUPID -C $PHP_FCGI_CHILDREN

chmod 770 $FCGISOCKET

Code: Select all

strace -ff -v -a80 -o/tmp/spawn-fcgi.strace /path/to/spawn-fcgi -- -deine -parameter[...]

Code: Select all

...
fstat(3, {st_dev=makedev(0, 18), st_ino=171827235, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=2, st_size=131, st_atime=2007/01/20-22:12:11, st_mtime=2007/01/20-22:12:11, st_ctime=2007/01/20-22:12:11}) = 0
munmap(0x2a9556c000, 131)                                                       = 0
close(3)                                                                        = 0
setgroups(1, [10001])                                                           = 0
setuid(10007)                                                                   = 0
socket(PF_FILE, SOCK_STREAM, 0)                                                 = 3
connect(3, {sa_family=AF_FILE, path="/var/www-web2/fastcgi/user1/user1.socket"}, 54) = -1 ECONNREFUSED (Connection refused)
unlink("/var/www-web2/fastcgi/user1/user1.socket")                  = 0
close(3)                                                                        = 0
socket(PF_FILE, SOCK_STREAM, 0)                                                 = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4)                                 = 0
bind(3, {sa_family=AF_FILE, path="/var/www-web2/fastcgi/user1/user1.socket"}, 54) = 0
listen(3, 1024)                                                                 = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2a95898b90) = 15817
select(0, NULL, NULL, NULL, {0, 100000}) = ? ERESTARTNOHAND (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
select(0, NULL, NULL, NULL, {0, 79000})                                         = 0 (Timeout)
wait4(15817, [{WIFEXITED(s) && WEXITSTATUS(s) == 2}], WNOHANG, NULL)            = 15817
write(2, "spawn-fcgi.c.212: child exited w"..., 66)                             = 66
close(3)                                                                        = 0
exit_group(0)